Data on more than 2.3 million people connected to Moody Bible Institute is now circulating freely online after the Chicago-based Christian college apparently refused to pay an extortion demand from ShinyHunters — and the fallout is still widening weeks later, with the dataset now indexed by Have I Been Pwned and breach-notification letters and class-action investigations following behind it.
For an institution whose community is built on trust — donors, students, alumni, and supporters spanning decades — the exposure is about as comprehensive as it gets.
Six Systems, 23 Gigabytes
ShinyHunters posted Moody Bible Institute to its dark-web extortion site on June 15, claiming more than 23GB of records stolen from six separate institutional systems:
- The institute’s core MBI database
- Its Salesforce marketing platform
- A PeopleSoft enterprise system
- The Horizon student information system
- The WHPD donor database (tied to Moody’s radio ministry)
- Cadence admissions software
The group set a payment deadline of June 18 and warned the institute would face “several annoying digital problems” if it refused. When no payment materialized, ShinyHunters published the full dataset on June 23.
The leaked records include names, genders, dates of birth, physical and email addresses, phone numbers, and marital statuses, alongside internal documents concerning donor relations and the institute’s supporters, students, and alumni.
Part of a Bigger Campaign
Moody was not an opportunistic one-off. The attack was staged as part of ShinyHunters’ broader PeopleSoft-focused campaign against education institutions — a wave that has seen the extortion collective work through university and college back-office systems the same way Cl0p once worked through file-transfer appliances.
The group’s recent track record explains why any victim should take its deadlines seriously: ShinyHunters has been linked to high-profile incidents involving Salesforce-hosted data, Carnival, Pitney Bowes, and — as we covered earlier this year — the claimed 1-petabyte Telus Digital breach and the Cisco source code theft. Publishing when victims refuse to pay is the group’s standard operating procedure, not a bluff.
Why This Data Is Worse Than It Looks
There are no Social Security numbers or payment cards in the published fields, which may tempt some readers to shrug. That would be a mistake, for two reasons.
First, donor data is targeting data. A file that says who gives money to a faith-based institution, how they can be reached, and where they live is a ready-made phishing kit. Expect convincing donation appeals, “payment problem” emails spoofing Moody’s advancement office, and phone scams aimed at elderly donors — the demographic most likely to appear in a decades-deep donor database and least likely to spot a spoofed sender.
Second, the dataset is now public. Extortion leaks don’t stay on dark-web panels. Once published, the data gets mirrored, repackaged, and folded into the combo lists that fuel credential-stuffing and identity-fraud operations for years. Inclusion in Have I Been Pwned confirms the cache is already in broad circulation.
What Affected Individuals Should Do
If you have ever studied at, donated to, or subscribed to communications from Moody Bible Institute or its media ministries:
- Treat unsolicited fundraising contact as hostile until verified. Call the institution back on a published number; never pay via a link in an email.
- Watch for tailored phishing referencing your real address, birth date, or giving history — details from this leak will make scams unusually convincing.
- Check Have I Been Pwned for your email address and rotate any password reused across accounts tied to it.
- Elderly family members who were donors need a direct conversation — they are the priority target for the phone-scam wave that reliably follows leaks like this one.
Moody disclosed the incident in June and continues to investigate. But the extortion clock has already run out, and the data is already gone — the only question left is how effectively the 2.3 million people in it can defend themselves against what comes next.



